-36- 



PATENT 
Docket No: 036258.0202 



What is claimed is: 



1 LA method for provisioning users with resources, the method comprising the 

2 steps of: 

3 establishing a set of attributes, organizational information, and user roles; 

4 defining a plurality of resource provisioning policies based on selected 

5 attributes, organizational information, and user roles; 

6 receiving attribute information, organizational information, and user role 

7 information for a particular user, resource, or database; 

8 determining which resource provisioning policies are applicable to the user 

O 

0 9 based on the received user role information, organizational information, and attribute 

10 information; 

11 seeking additional information or authorizations from third parties in accordance 
f;o 12 with the applicable resource provisioning policies; and 

13 provisioning the user with the resources specified by the applicable resource 

; :J 14 provisioning policies if all necessary additional information or authorizations have been 

1 LI 15 received from the third parties. 

H i 2. A method as recited in claim 1, the step of receiving attribute information, 

2 organizational information, and user role information comprising the step of receiving input 

3 from a user interface. 

1 3. A method as recited in claim 1, the step of receiving attribute information, 

2 organizational information, and user role information for a particular user comprising 

3 receiving attribute information and user role information from an employee records database. 
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1 4. A method as recited in claim 2, the step of seeking additional information or 

2 authorizations from third parties comprising the steps of: 

3 providing the third party with access to the user interface; 

4 indicating to the third party which information or authorization needs to be 

5 supplied; and 

6 suspending the provisioning of resources to the user until the additional 

7 information or authorization is supplied. 

1 5. A method as recited in claim 1, the step of seeking additional information or 

2 authorizations from third parties comprising the steps of: 

3 receiving first additional information or authorizations from third parties in 

4 accordance with the applicable resource provisioning policies; and 

5 seeking second additional information or authorizations from other third parties 

6 or the user based on the received first additional information or authorizations and the received 

7 attribute information, organizational information, and user role information. 

1 6. A system for provisioning users with resources, the system comprising: 

2 a data server for storing a set of attributes, organizational information, and user 

3 roles, a plurality of resource provisioning policies based on selected attributes, organizational 

4 information, and user roles, and attribute information and user role information for a particular 

5 user or resource; and 

6 one or more processors coupled to the memory and an organizational network, 

7 the processors programmed for 

8 determining which resource provisioning policies are applicable to the 

9 stored user role information, organizational information, and attribute information, 

10 seeking additional information or authorizations from third parties in 

11 accordance with the applicable resource provisioning policies, and 
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12 provisioning a user with the resources specified by the applicable 

13 resource provisioning policies if all necessary additional information or authorizations have 

14 been received from the third parties . 

1 7. A system as recited in claim 6, further including a user interface for inputting 

2 the attribute information and user role information for a particular user or resource. 

1 8. A system as recited in claim 6, the data server further including an employee 

2 records database for storing attribute information and user role information for a particular 

3 user. 

!3 1 9. A system as recited in claim 7, the processor further programmed for: 

j 2 providing the third party with access to the user interface; 

'f. 3 indicating to the third party which information or authorization needs to be 

; 4 supplied; and 

ft 5 suspending the provisioning of resources to the user until the additional 

3 6 information or authorization is supplied. 

t 1 10. A system as recited in claim 6, the processor further programmed for: 

3 2 receiving first additional information or authorizations from third parties in 

3 accordance with the applicable resource provisioning policies; and 

4 seeking second additional information or authorizations from other third parties 

5 or the user based on the received first additional information or authorizations and the stored 

6 attribute information, organizational information, and user role information. 
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